The Commsrisk Review of 2015

Father time is holding up his mirror, reminding us that another year has passed, and most of us are not looking any prettier. If readers are concerned by the bags under their eyes, or a sag around their waist, or a few more gray hairs on their head, at least they have a good excuse: they deal with risk and assurance in the comms sector. 2015 had it all: hacks, fights, scandals, buy-outs, bust-ups and crackdowns. Risk management never seemed more vital, but never has it faced such a struggle to remain relevant as old business models come under sustained attack, and governments take matters into their own hands. 2015 was the year when many thought the answer was Big Data, only to wonder if they were still asking the right questions. If you can say you predicted the events that unfolded in 2015, then you must be a liar. Here is a reminder of what happened during a topsy-turvy year for assurance and risk.

January to March

The year began with an extraordinary row in Ghana about how to tackle simbox fraud. Ghana’s government promised to save millions by implementing a national interconnect clearing house, whilst the opposition described the plans as ‘dishonest’. The public was so confused that the best-dressed man in business assurance, Nixon Wampamba, appeared on television to explain what everybody should do. Nixon told Ghana that the only real solution is to reduce the difference between national and international rates. Sadly, Ghana’s government did not listen.

Whilst the authorities in Ghana and Malawi were accused of using revenue assurance as an excuse to spy on the public, American and British intelligence agencies went one step further and hacked the world’s largest supplier of SIM cards. Despite this, the Brits pretended to be transparent by issuing a heavily redacted parliamentary report about GCHQ, the UK’s premier electronic eavesdroppers. The report said nobody need worry, because although GCHQ has access to lots of routes used by lots of people in lots of countries, they only have enough ears to listen to a tiny fraction of all the calls they are capable of intercepting. Not wanting to feel left behind in the competition for bragging rights amongst spy agencies, China’s government finally admitted they possess network attack forces. Literally nobody found this surprising.

There were some interesting developments amongst specialist risk vendors, with LATRO offering a new technology for detecting simboxes and recruitment taking place at Cartesian and cVidya. Meanwhile, new comms risks became evident following Apple’s entry into the watch market, and by observing the wide array of networked but lightly-regulated medical sensors touted at events like Wearable Tech 2015.

April to June

Verizon’s data breach report told us there was a significant rise in the number of personal records which had been compromised, but no great leap forward in the techniques used by hackers. AT&T learned how much breaches can cost, agreeing a record USD25mn settlement after information was sold by workers in their call centers. On the other side of the world, Huawei CEO Xu Zhijun openly criticized the Chinese government’s approach to cybersecurity.

In comparison to all the action in Africa, UK comms regulator Ofcom talked a lot about the need for accurate billing, but failed to do anything useful. For example, Ofcom promised to make bills more accurate by ‘reducing’ the extent of bill accuracy regulation. Soon afterwards, a slew of complaints prompted Ofcom to investigate the accuracy of Vodafone UK charges. By year’s end, that investigation had still not resulted in any action or public announcement, despite Vodafone’s postpaid mobile service generating twice as many complaints as the industry average.

European Commissioner Andrus Ansip tried to get ahead of technology change with a vague new strategy for a European ‘Digital Single Market’, though like everything to do with electronic communications, an earlier and more radical draft was leaked. Ansip’s strategy promised to help network providers, not by reducing their regulatory obligations but by creating new burdens for their OTT rivals. One of the few concrete proposals promised an end to geo-blocking of content within the EU, and this was supported by the EU Parliament.

Mass CDR collection briefly became the biggest news story in the USA, after a federal court decided the NSA had collected bulk phone data without proper authority, and Presidential hopeful Senator Rand Paul followed that by speaking for 10 hours about the evils of excessive data gathering. Paul’s Herculean effort resulted in a very brief interruption to the US government’s collection of phone records, but normal service was resumed soon after, except telcos were told to retain data in case the NSA needed it later, instead of handing it over immediately. One of the issues raised by Senator Paul was how surveillance damaged American business, and this was later confirmed when an American founder of Silent Circle, suppliers of encrypted comms products and services, explained why they chose to base their company in Switzerland.

Commsrisk also showed itself ahead of the curve by noticing the threat to the EU-US Safe Harbor agreement for personal data, when Austrian privacy activist Max Schrems succeeded in appealing his dispute with Facebook to the European Court of Justice (ECJ). We celebrated a major milestone just a few days later, with the publication of our 1000th article.

The importance of security was reiterated when users of the Ashley Madison dating service found their marriages at risk after blackmailers obtained their data. A separate data breach by Carphone Warehouse affected 2.4 million customers. However, anyone wanting help from the United Nations should think again, after its new privacy chief tried to explain why the internet needs its own version of the Geneva Convention. Bizarrely, he linked the genuine and pressing issue of internet privacy to the alleged problem of too many CCTV cameras being used to spy on remote parts of the English countryside. Repressive governments worldwide must have enjoyed the revelation that the UN’s top priority is protecting the privacy of English hikers and English sheep.

October to December

The snowball of data breaches ran out of control in the final quarter of the year. 15mn customers of T-Mobile USA were affected by a breach at credit bureau Experian whilst TalkTalk’s CEO went into public relations overdrive to claw back some of the 30 percent drop in her company’s share price following yet another hack attack. But the combined corporate failures on either side of the Atlantic were insignificant compared to the devastation caused to US and EU data protection law by Max Schrems’ day in court. Schrems persuaded the ECJ to unceremoniously dump the EU-US Safe Harbor, successfully arguing that the agreement was invalid because the US government gathers data in ways that conflict with the rights of EU citizens.

Lycamobile, a cut-rate international comms group, found themselves suffering unwanted publicity when a newszine published evidence of alleged money laundering. The evidence was circumstantial in nature, and the original source was an investigation by private detectives hired by Lebara, the main competitor to Lycamobile. Lycamobile and Lebara are run by two Sri Lankans with a bitter personal rivalry, leading many to conclude that Lycamobile were the victims of a smear story.

And Beyond…?

One sure prediction is that the future will be increasingly hard to predict, because everything is getting more complex. Even if we possess a lot more data, human minds still make the ultimate decisions, and human beings still suffer the same old biases and frailties. The expansion of Commsrisk’s remit to cover a wider range of topics has illustrated the blurring of the boundaries between telecoms and other kinds of business, and also the tendency for new technology to pose questions that only receive a proper answer after we have experienced what can go wrong. Just as governments were wrong to try to deal with the mismatch between EU and US data protection law through the flawed Safe Harbor agreement, game-changing technologies like wearable medical sensors and cryptocurrencies will further test how societies cope with the upsides and downsides of new networked technology. The hottest topic of 2015 was OTT bypass, which has the potential to cause havoc to voice termination. However, neither governments nor the public have observed the likely relationship between an undesirable OTT customer experience and the way network neutrality is imposed. Serious questions can only be answered by serious people; assurance and risk professionals need to supply not only the answers, but also the data that supports those answers.

Thanks to you, we can be confident about something else: Commsrisk serves a useful purpose. Our readership numbers reached unexpected new heights in 2015. As Editor, my aim is to weave together seemingly disparate stories, showing them side-by-side, and then highlighting the links between them. This way, we can observe the main trends relating to change and risk, and so separate the key drivers of business success from the surrounding cacophony of complexity. Commsrisk will continue to be here in 2016, presenting the stories that matter to anyone working in communications risk and assurance. With your help, we intend to rise to the many challenges that lie ahead.

About the Author

Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.